SOTI Pulse Logo

QR Code enrollment and WiFi configuration

Solved
DP
Daniel Palmeira
Novozymes A/S

Our IT is looking into migrating the WiFi we use our mobile devices to a cluster SSID, in which the devices will connect to a specific SSID base on MAC address rule filter.

We are having issue to enroll devices, with the QRcode method using the cluster network; the device is never able to connect to WiFi. My assumption is that this happens because the A11+ devices have MAC randomizer as default. Has anyone faced similar issue, or has a similar network setup? Is there a way to disable MAC randomizer without start regular Android setup?

We are using Zebra TC77s devices and are on Mobicontrol 2024.0.1.1020 (on premises).

a year ago
Android
ANSWERS
RS
Rafael Schäfer
a year ago

I recommedn to use TageNow Barcodes for enrolling Zebra devices instead.

I think i remmeber that you can disable MAC randomization there but need to take a look into it.

I found it but you need to:
1. Create in StageNow a new setting for Wifi, there you can disable MAC randomization
2. Create the StageNow "Enroll into an MDM" Profile where you reuse this previously created setting

I haven't tested but this should cover your needs.
And a benefit of StageNow Barcodes is, that they can be encrypted and not providing it's information in clear text as normal QR Codes do.

Solution
MD
Matt Dermody Diamond Contributor
a year ago

Can confirm. We do this regularly now with Zebra SOTI enrollments. You can have the MAC randomization "feature" disabled by Zebra MX as part of the StageNow barcode that also configures your wireless settings and then you can use the subsequent StageNow barcode to download, install, and set the agent as Device Owner automatically before it is launched. 

I don't think you're going to otherwise be able to disable MAC randomization first as part of the exposed options in QR code enrollment. 

DP
Daniel Palmeira
a year ago

@Rafael and @Matt, thanks. Using StageNow is the current process we have for enrollment, although we actually used Mobi Agent for actual SOTI enrollment. But I wanted to move to the SOTI QR code for 2 reasons: 1. Being simpler for regional super users to grasp the setup (they got mixed up around the barcodes to scan. Maybe using StageNow for the last part would confuse them lass).

2. Our mobile computer management is handled outside IT, so we don't have StageNow proper setup in a server to download the agent. Today it's being managed by a 3rd party, but we wanted to internalize as much as possible the ownership of this process.

Anyhow, I believe you are right and we will not be able to adjust this configuration before device initial setup.
We might go with using an specific SSID just for enrollment, which users can use a phone or different device to hotspot it. Then use a package to setup proper WiFi without MAC random, using StageNow.

MD
Matt Dermody Diamond Contributor
a year ago
RC
Raymond Chan Diamond Contributor
a year ago

Hi Daniel,

Could to please clarify what you mean when you mention "MAC address rule filter"?

Could you please give details of your cluster network?  And detailed steps taken when you tried but failed to get device connected to Wifi?    Based on what information/observation did you make assumption that the problem is related to MAC randomization?

DP
Daniel Palmeira
a year ago

Hi Raymond,

Sure. Our IT decided to join several specific networks under a single SSID. Devices will no longer see SSIDs A, B or C, only X. Once a device join X, based on MAC address whitelisting for A, B or C, they will then be "rerouted" to that network. The MAC random, then breaks this as they are not whitelisted.

My assumption is based on, that this X network is the only one I cannot do the QR code with A11+. With older devices with A8.1 it worked, and doing directly with A it works. 

DP
Daniel Palmeira
a year ago

I forgot the steps:

1. Setup enrollment
2. Setup QRCode with WiFi and password
3. Factory reset a test device
4. 6x click and scan the barcode
5. Setup starts, but never connects to WiFi.

With other networks it connects right away.

RS
Rafael Schäfer
a year ago

As Matt and I already stated: This is because of MAC randomization which can't be turned off by a normal enrollment QR as this option doesn't exist there.

You need to use Stagenow Barcodes (highly recommended) in this regard or skip the idea of the MAC thing.

Or you need an Enrollment Wifi where the MAC doesn't matter and, provide the productive Wifi with turned off MAC randomization and delete the staging Wifi when it reaches your Mobicontrol server. (a somehow bad workaround)

T
TLMOD@SOTI
a year ago

Hi Daniel,


Thanks for posting on SOTI pulse. Thanks Rafael, Matt and Raymond for responding to the post, your expertise and willingness to help are greatly appreciated!


Has your query been resolved? If not, or if you have any additional concerns, please don't hesitate to reach out. We are dedicated to providing assistance and support.


Also, if this post has helped you in solving your query, I would request you to mark the particular comment as "is solution", so that others may benefit from this information.


Kind Regards,

Similar Discussions